[Bug 530] New: loading nf_nat version of the iptable_nat module kills existing connections
bugzilla-daemon at bugzilla.netfilter.org
Tue Jan 9 14:32:38 CET 2007
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=530
Summary: loading nf_nat version of the iptable_nat module kills existing connections
Product: netfilter/iptables
Version: linux-2.6.x
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: nf_conntrack
AssignedTo: yasuyuki.kozakai at toshiba.co.jp
ReportedBy: phelps at gnusto.com
I'm trying to use the new netfilter nf_nat code in linux-2.6.20-rc3
and running into a minor issue: when I load the iptable_nat module, all
existing connections stop working, as if the packets are being dropped.
This is somewhat irritating since the root partition of the machine in
question is mounted via NFS and, of course, that stops working.
I've poked around a bit and this section of nf_nat_standalone.c appears to
be the culprit:
120: /* Don't try to NAT if this packet is not conntracked */
121: if (ct == &nf_conntrack_untracked)
122: return NF_ACCEPT;
123:
124: nat = nfct_nat(ct);
-> 125: if (!nat)
-> 126: return NF_DROP;
If I read this correctly, packets for connections which aren't tracked
at all are accepted, but packets for connections which are being tracked
but don't have NAT information are dropped.
Is there any reason why line 126 shouldn't return NF_ACCEPT?
Thanks,
-Ted
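To make the decision table in the report concrete, here is an added C model of the two checks quoted above and of the change the reporter asks about. It is example code written for this page, not kernel code and not part of the bug report: struct toy_conn, the sample connections and the TOY_NAT_PATH marker are constructed for the example, while NF_DROP and NF_ACCEPT are the real kernel verdict values. The sample assumes, as the report describes, that connections conntracked before iptable_nat was loaded carry no NAT information and that connections created afterwards do.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Kernel verdict values (the real ones from linux/netfilter.h). */
#define NF_DROP   0
#define NF_ACCEPT 1
/* Model-only marker: the packet proceeds into the NAT code path. */
#define TOY_NAT_PATH 100

/* Toy stand-in for a conntrack entry (hypothetical, not struct nf_conn). */
struct toy_conn {
    unsigned int id;
    bool untracked;  /* models ct == &nf_conntrack_untracked */
    bool has_nat;    /* models nfct_nat(ct) != NULL */
};

typedef unsigned int (*nat_fn_t)(const struct toy_conn *ct);

/* The decision as quoted in the report: tracked but no NAT info -> NF_DROP. */
unsigned int nat_fn_as_reported(const struct toy_conn *ct)
{
    /* Don't try to NAT if this packet is not conntracked */
    if (ct->untracked)
        return NF_ACCEPT;
    /* nat = nfct_nat(ct); if (!nat) return NF_DROP; */
    if (!ct->has_nat)
        return NF_DROP;
    return TOY_NAT_PATH;
}

/* The change the reporter asks about: NF_ACCEPT instead of NF_DROP at line 126. */
unsigned int nat_fn_proposed(const struct toy_conn *ct)
{
    if (ct->untracked)
        return NF_ACCEPT;
    if (!ct->has_nat)
        return NF_ACCEPT;   /* pass the packet untranslated rather than dropping it */
    return TOY_NAT_PATH;
}

/* Constructed sample: two connections tracked before iptable_nat was loaded
 * (no NAT information), one created afterwards (NAT information present),
 * and one untracked flow. */
const struct toy_conn sample_conns[] = {
    { 1, false, false },  /* NFS root connection, conntracked before module load */
    { 2, false, false },  /* SSH session, conntracked before module load */
    { 3, false, true  },  /* new connection after module load */
    { 4, true,  false },  /* untracked flow */
};
const size_t sample_conn_count = sizeof sample_conns / sizeof sample_conns[0];

/* Count how many of the connections would have their packets dropped by fn. */
size_t count_dropped(const struct toy_conn *conns, size_t n, nat_fn_t fn)
{
    size_t dropped = 0;
    for (size_t i = 0; i < n; i++)
        if (fn(&conns[i]) == NF_DROP)
            dropped++;
    return dropped;
}

int main(void)
{
    printf("dropped as reported: %zu of %zu\n",
           count_dropped(sample_conns, sample_conn_count, nat_fn_as_reported),
           sample_conn_count);
    printf("dropped with NF_ACCEPT at line 126: %zu of %zu\n",
           count_dropped(sample_conns, sample_conn_count, nat_fn_proposed),
           sample_conn_count);
    return 0;
}
```

The model only reproduces the verdict logic; it says nothing about why a pre-existing conntrack entry lacks NAT information, which is the part the report leaves to the maintainers. It does show the operational consequence the reporter saw: every connection that existed before the module was loaded, including the NFS root mount, is dropped under the quoted code and passes untouched under the proposed change.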